From 52c8476b49aab2a54c875d14ddab7ac26b010a32 Mon Sep 17 00:00:00 2001 From: Joanna Jeremicz Date: Mon, 5 Jul 2021 16:47:58 +0200 Subject: [PATCH] [OOM-CERT-SERVICE] Add Certification Request functionality Issue-ID: OOM-2753 Signed-off-by: Joanna Jeremicz Change-Id: Id8702dd45254f0e82d9b71e5e69372569e523838 --- .../certification/CertificationModelFactory.java | 2 +- .../certification/CertificationProvider.java | 6 ++++ .../oom/certservice/cmpv2client/api/CmpClient.java | 13 ++++++++ .../cmpv2client/impl/CmpClientImpl.java | 39 +++++++++++++++------- .../CertificationModelFactoryTest.java | 34 ++++++++++++++----- .../certification/CertificationProviderTest.java | 22 ++++++++++++ .../certservice/cmpv2client/ClientTestData.java | 1 + .../certservice/cmpv2client/Cmpv2ClientTest.java | 29 ++++++++++++++++ 8 files changed, 124 insertions(+), 22 deletions(-) diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java index a5076a38..dddeb2d3 100644 --- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java +++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationModelFactory.java @@ -99,7 +99,7 @@ public class CertificationModelFactory { } else { LOGGER.info( "Certificate Signing Request and Old Certificate have different parameters. Preparing Certification Request"); - throw new UnsupportedOperationException("TODO: implement CR in separate MR"); + return certificationProvider.certificationRequest(csrModel, cmpv2Server); } } } diff --git a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java index bfa83103..17e23e39 100644 --- a/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java +++ b/certService/src/main/java/org/onap/oom/certservice/certification/CertificationProvider.java @@ -67,6 +67,12 @@ public class CertificationProvider { convertFromX509CertificateListToPemList(certificates.getTrustedCertificates())); } + public CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException { + Cmpv2CertificationModel certificates = cmpClient.certificationRequest(csrModel, cmpv2Server); + return new CertificationModel(convertFromX509CertificateListToPemList(certificates.getCertificateChain()), + convertFromX509CertificateListToPemList(certificates.getTrustedCertificates())); + } + private static List convertFromX509CertificateListToPemList(List certificates) { return certificates.stream().map(CertificationProvider::convertFromX509CertificateToPem).filter(cert -> !cert.isEmpty()) .collect(Collectors.toList()); diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java index 5ded3056..88c73c04 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/api/CmpClient.java @@ -88,4 +88,17 @@ public interface CmpClient { */ Cmpv2CertificationModel updateCertificate(CsrModel csrModel, Cmpv2Server cmpv2Server, CertificateUpdateModel certificateUpdateModel) throws CmpClientException; + + /** + * Requests for an additional External Root CA Certificate to be created for the passed keyPair wrapped + * in a CSRMeta with common details. Basic Authentication using IAK/RV, Verification of the signature + * (proof-of-possession) on the request is performed and an Exception thrown if verification fails + * or issue encountered in fetching certificate from CA. + * + * @param csrModel Certificate Signing Request Model. Must not be {@code null}. + * @param cmpv2Server CMPv2 server. Must not be {@code null}. + * @return model for certification containing certificate chain and trusted certificates + * @throws CmpClientException if client error occurs. + */ + Cmpv2CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException; } diff --git a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java index 270b5995..549cf6b9 100644 --- a/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java +++ b/certService/src/main/java/org/onap/oom/certservice/cmpv2client/impl/CmpClientImpl.java @@ -93,18 +93,7 @@ public class CmpClientImpl implements CmpClient { throws CmpClientException { validate(csrModel, server, httpClient, notBefore, notAfter); - - final String iak = server.getAuthentication().getIak(); - final PkiMessageProtection pkiMessageProtection = new PasswordBasedProtection(iak); - final CreateCertRequest certRequest = - getCmpMessageBuilderWithCommonRequestValues(csrModel, server) - .with(CreateCertRequest::setNotBefore, notBefore) - .with(CreateCertRequest::setNotAfter, notAfter) - .with(CreateCertRequest::setSenderKid, server.getAuthentication().getRv()) - .with(CreateCertRequest::setCmpRequestType, PKIBody.TYPE_INIT_REQ) - .with(CreateCertRequest::setProtection, pkiMessageProtection) - .build(); - + final CreateCertRequest certRequest = getIakRvRequest(csrModel, server, notBefore, notAfter, PKIBody.TYPE_INIT_REQ); return executeCmpRequest(csrModel, server, certRequest); } @@ -131,6 +120,32 @@ public class CmpClientImpl implements CmpClient { } + @Override + public Cmpv2CertificationModel certificationRequest(CsrModel csrModel, Cmpv2Server cmpv2Server) throws CmpClientException { + + validate(csrModel, cmpv2Server, httpClient, null, null); + final CreateCertRequest certRequest = getIakRvRequest(csrModel, cmpv2Server, null, null, PKIBody.TYPE_CERT_REQ); + return executeCmpRequest(csrModel, cmpv2Server, certRequest); + } + + private CreateCertRequest getIakRvRequest( + CsrModel csrModel, + Cmpv2Server server, + Date notBefore, + Date notAfter, + int requestType) { + + final String iak = server.getAuthentication().getIak(); + final PkiMessageProtection pkiMessageProtection = new PasswordBasedProtection(iak); + return getCmpMessageBuilderWithCommonRequestValues(csrModel, server) + .with(CreateCertRequest::setNotBefore, notBefore) + .with(CreateCertRequest::setNotAfter, notAfter) + .with(CreateCertRequest::setSenderKid, server.getAuthentication().getRv()) + .with(CreateCertRequest::setCmpRequestType, requestType) + .with(CreateCertRequest::setProtection, pkiMessageProtection) + .build(); + } + private Cmpv2CertificationModel executeCmpRequest(CsrModel csrModel, Cmpv2Server cmpv2Server, CreateCertRequest certRequest) throws CmpClientException { final PKIMessage pkiMessage = certRequest.generateCertReq(); diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationModelFactoryTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationModelFactoryTest.java index 1233168c..c7454f46 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationModelFactoryTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationModelFactoryTest.java @@ -242,17 +242,25 @@ class CertificationModelFactoryTest { } @Test - void shouldPerformCrWhenCsrAndOldCertDataMatch() throws CertificateDecryptionException, DecryptionException { - //given - mockCsrFactoryModelCreation(); + void shouldPerformCrWhenCsrAndOldCertDataDontMatch() + throws CertificateDecryptionException, DecryptionException, CmpClientException { + // Given + CsrModel csrModel = mockCsrFactoryModelCreation(); + Cmpv2Server testServer = mockCmpv2ProviderServerSelection(); + mockCertificateProviderCertificationRequest(csrModel, testServer); mockCertificateFactoryModelCreation(); + // When when(updateRequestTypeDetector.isKur(any(), any())).thenReturn(false); - //when, then - Exception exception = assertThrows( - UnsupportedOperationException.class, () -> - certificationModelFactory.createCertificationModel(TEST_CERTIFICATE_UPDATE_MODEL) - ); - assertEquals(exception.getMessage(), "TODO: implement CR in separate MR"); + CertificationModel certificationModel = certificationModelFactory + .createCertificationModel(TEST_CERTIFICATE_UPDATE_MODEL); + // Then + assertEquals(2, certificationModel.getCertificateChain().size()); + assertThat(certificationModel.getCertificateChain()).contains(INTERMEDIATE_CERT, ENTITY_CERT); + assertEquals(2, certificationModel.getTrustedCertificates().size()); + assertThat(certificationModel.getTrustedCertificates()).contains(CA_CERT, EXTRA_CA_CERT); + + verify(certificationProvider, times(1)) + .certificationRequest(csrModel, testServer); } @Test @@ -276,6 +284,14 @@ class CertificationModelFactoryTest { ).thenReturn(expectedCertificationModel); } + private void mockCertificateProviderCertificationRequest(CsrModel csrModel, Cmpv2Server testServer) + throws CmpClientException { + CertificationModel expectedCertificationModel = getCertificationModel(); + when( + certificationProvider.certificationRequest(csrModel, testServer) + ).thenReturn(expectedCertificationModel); + } + private void mockCertificateProviderCertificateSigning(CsrModel csrModel, Cmpv2Server testServer) throws CmpClientException { CertificationModel expectedCertificationModel = getCertificationModel(); diff --git a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationProviderTest.java b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationProviderTest.java index 4e7908f5..7d75a655 100644 --- a/certService/src/test/java/org/onap/oom/certservice/certification/CertificationProviderTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/certification/CertificationProviderTest.java @@ -159,6 +159,28 @@ class CertificationProviderTest { assertThat(trustedCertificates.get(0)).endsWith(EXPECTED_END_OF_CERTIFICATE); } + @Test + void shouldCorrectConvertToCertificationModelForCertificationRequest() + throws IOException, CertificateException, CmpClientException { + + when( + cmpClient.certificationRequest(any(CsrModel.class), any(Cmpv2Server.class)) + ).thenReturn(getCMPv2CertificationModel()); + + CertificationModel certificationModel = certificationProvider + .certificationRequest(csrModel, server); + List certificateChain = certificationModel.getCertificateChain(); + List trustedCertificates = certificationModel.getTrustedCertificates(); + + assertThat(certificateChain.size()).isEqualTo(EXPECTED_SIZE_ONE); + assertThat(certificateChain.get(0)).startsWith(EXPECTED_BEGIN_OF_CERTIFICATE); + assertThat(certificateChain.get(0)).endsWith(EXPECTED_END_OF_CERTIFICATE); + + assertThat(trustedCertificates.size()).isEqualTo(EXPECTED_SIZE_ONE); + assertThat(trustedCertificates.get(0)).startsWith(EXPECTED_BEGIN_OF_CERTIFICATE); + assertThat(trustedCertificates.get(0)).endsWith(EXPECTED_END_OF_CERTIFICATE); + } + @Test void certificationProviderThrowCmpClientWhenCallingClientFailsForUpdateCertificate() throws CmpClientException { diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/ClientTestData.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/ClientTestData.java index 5a9a6838..0d8b80bd 100644 --- a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/ClientTestData.java +++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/ClientTestData.java @@ -26,6 +26,7 @@ import org.onap.oom.certservice.certification.model.CertificateUpdateModel.Certi public final class ClientTestData { static final String KUR_CORRECT_SERVER_RESPONSE_ENCODED = "MIIQ1DCCAV0CAQKkVTBTMRUwEwYKCZImiZPyLGQBAQwFMTIzNDUxFTATBgNVBAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNrc3RhcnSkeTB3MREwDwYDVQQDDAhvbmFwLm9yZzEZMBcGA1UECwwQTGludXgtRm91bmRhdGlvbjENMAsGA1UECgwET05BUDEWMBQGA1UEBwwNU2FuLUZyYW5jaXNjbzETMBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UEBhMCVVOgERgPMjAyMTA3MDExNTIzMTZaoQ8wDQYJKoZIhvcNAQELBQCiFgQU0pApkFDmdpd/O4a/byDxTEP2UvCkEgQQASuQH1HOfmX2elKP64XeAKUSBBDsl5fcNATjjIzirfNQHWSIphIEEPXCSC7+2HFXYzme2leNfiaoDjAMMAoGCCsGAQUFBwQNqIIJQzCCCT+hggSfMIIEmzCCBJcwggL/oAMCAQICFHMJ9tfA0fUCNTkaxkm9nsWn9radMA0GCSqGSIb3DQEBCwUAMFMxFTATBgoJkiaJk/IsZAEBDAUxMjM0NTEVMBMGA1UEAwwMTWFuYWdlbWVudENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDAeFw0yMTA3MDExMzUyMDJaFw0zMTA3MDExMzUyMDFaMFMxFTATBgoJkiaJk/IsZAEBDAUxMjM0NTEVMBMGA1UEAwwMTWFuYWdlbWVudENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKVNgchumOQ+9nQu4y+5Fux8TAy/d7ChqP/Rq4jy/63vqIIqYPUns2aF9FG2B+mQrj5T5xil2iw3a8F/6AGmJ6tYeIQO+Rctj+yJt63LsNNRe5AZN20mxUlNES269Dzrj/qzayFzaRUtbaJ06S4EtJe73zJAH2wQZRS7kmUFA+qKtDhwetLgXvLzhe6Jaum3sHblM4zYKo6FM+XEfXLlglzGVAO9fmRM0jQybQ3haZHdNMJJQfUPOiUN/+aaHuACyrskY/upbTXUbcmx2PoE/YpbQ6ie3fSVsBuRCAY2FpaiwB1dWD9156Jy4sgnwK756dXy2bzncsZNHANtRBRem+jFBiN2zCT3cGI1hCpFRRE6rG6cUchTY6idRFImy7bUZzinkgjsPCnT/tUE78oAO5W++ZQp1aZ/CSg8thW6bqBJ0pAOqP9ubZTOQY8xaynggnTvLZXFBZULMZ4kl2mReIuOlNQSNceaJ2PNoaSwd5BKzwggO2OMLun6Zrji8b70dwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKQKZBQ5naXfzuGv28g8UxD9lLwMB0GA1UdDgQWBBTSkCmQUOZ2l387hr9vIPFMQ/ZS8DAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggGBAH+nECgFKdaM/8DbvsBq9IoQrWKE79BPEo+jWlYNuYmVsBPnh/YiebT/OKH1VQUim523FnCjogVncDByvdusloQ6tTpI93Cp+DxKP06ew1oEsWgRVr2nyDGIA9PAHgkgcpHcKHTcYT1iDCHtFr/rYpo2nGFBVQKvCIxXxMKc55WyVjaHLZ3uWBXGxm6Pmd3DGhRtHlrY6VYOaRd6fg9+RQQnjcyMez4yOG5cigACFQaaWGO5kwvYhL7tQ47feudyzo9mWpQvJo+mZ70sRIXENzyZXvFb046taQmDXoDwE5U93kSl5UDlEELZMNjSvY0Agm8B50B63i++ohoaCMhX0fD/xANilAgjBYNcq06FicQ4ZLgR7u76m3HguGDRlNcJe5xiQNfDw6YJZtFiNZls4e7PqHjTa77z2k4pnoDpDv7tr25fTHDXUruQoY/oFKc+sOmtw4gXkTmAFUGsOOC53CbWhiqI1EPNRf20slKeo5HaOQ8dqRUAyw3YZjBeLcYqhjCCBJgwggSUAgQBSYZ8MAMCAQAwggSFoIIEgTCCBH0wggLloAMCAQICFEBWq68RGhg0HKqvV8GOPyxazGCvMA0GCSqGSIb3DQEBCwUAMFMxFTATBgoJkiaJk/IsZAEBDAUxMjM0NTEVMBMGA1UEAwwMTWFuYWdlbWVudENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDAeFw0yMTA3MDExNTEzMTZaFw0yMzA3MDExNTEzMTVaMHcxETAPBgNVBAMMCG9uYXAub3JnMRkwFwYDVQQLDBBMaW51eC1Gb3VuZGF0aW9uMQ0wCwYDVQQKDARPTkFQMRYwFAYDVQQHDA1TYW4tRnJhbmNpc2NvMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANPJAKAkydOi/N9me/p/fBKcuHIBxtkf0R377wgEKLfJFFb+e5P5wz0EKpQvYfPGnELmxWHex8K4zhHAjkdoLw0dX0ODSgBXvbGxrBcMa+Nj0ZBvbI0vD0jzR4nhCZrNd+KuJAos1KI/vOzJeQRDKbZlE5CK9ILOp3U0o8Ld+Giof69EWFqmR+bBOTifckenDNoONJ0oxBtHNu/ECcXRWdP4GHa2wX0rQv8JJ9IiHbnh3SLVOh1b6GR0FUQE0yPsWt5Gf6G+inoJnxsX8c2Dr/vtVRZfPmAG0bWe9H25XPgSbmkdeYoXT6HPDJg0CeImqKSGVAX/6PVKyLypLNX1gsMCAwEAAaOBpDCBoTAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFNKQKZBQ5naXfzuGv28g8UxD9lLwMBgGA1UdEQQRMA+CDXRlc3Qub25hcC5vcmcwJwYDVR0lBCAwHgYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDATAdBgNVHQ4EFgQUat5107sM5vSzDfuxcVnd+0ekdnYwDgYDVR0PAQH/BAQDAgXgMA0GCSqGSIb3DQEBCwUAA4IBgQA9uEXgby95mPuFc5gK1tdLVewHsFSYNfVeKfGCw7nRRbbIKRspBl4RlZEk/+kiLC+sW/kWnuu/RxYWq+pgWHMBStrKDnTOEDj2ZTJjORTOxsOCrj1uyLxOtGJlD6N3y601z10bW23ES+/hxF2/jOnjk6/7Sh8/gpyWxQ/6Ntx0mS0eLvQO42NeEpK3EsF6urpyv5yl7gzHoLzjpsnyLIUQifdx3RWQE4EdlHxiYXf9Z6JUxRat2SBdmMtzDov2ufK1ghcuE886vRbRhkzgFQFBireISs730lfgQViqiLcmXBbEyuw3DXHdrlF5iLEdAaAFDKzrmphbJYp5E4hQ7HxS/tlYBi1kH8J6iM2oIGkf0inzl9imddAJQ2jfZjjTgCN+AqS7JRPvz+p6pXo75zwrkcgRhBoY71ATxVXDo+nqjt9MU+dDndyzluEkqI/rxWtlvzjh2xgVNa7jKPts35WMzEkq0qjy69gC7FEb3jSMqKOch7EGgTiIgwj9s5HauUCgggGFA4IBgQAShyiPKdHfoNojfOGhb7MEZNcGx1iolD+ffICYz6MXoVWXIXQ0GQHKru3zmcjqwuTxO51rFNFM4FkUNuogdZsX5KK/vDy7pCeBnLY9Z3zEA4jtgNjJtoWiTzCfWAXpuMO4LXkQxeex8M1uXINugZCFDShJaUBtiYhfyuoE6UX6ta91P703eq5fcFvFT6+Wsop5x2Zc0ie20XiIlDLYvguqzAJ2sUZU5hLIgQ4PpOBxoaDsXtMljTCPE7Njjo0UotCQwmFLD1l3Em6nXXSLHKeCfihCdMy+m7HjVDktCKqbS1wZVTplFGaGFV9cRI1xAMDMq8UakG35GWK+Q7EZwHw/AsmHHc7GHlm+dQj7hfLcoRzm/VM8iYUmxK8rF6waNU+mVp/lNIS1OefaINSz5EPETurUpYh5f2CRJ19u1C6vrFZFfne7mpm+nV3b89YmJclVfNF1X5cAe2oV+03KyaVjKjNbHngWNtSWZ8Td2mM2BtzNgpdK5iawJ5UaJUFaMrGhggSfMIIEmzCCBJcwggL/oAMCAQICFHMJ9tfA0fUCNTkaxkm9nsWn9radMA0GCSqGSIb3DQEBCwUAMFMxFTATBgoJkiaJk/IsZAEBDAUxMjM0NTEVMBMGA1UEAwwMTWFuYWdlbWVudENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDAeFw0yMTA3MDExMzUyMDJaFw0zMTA3MDExMzUyMDFaMFMxFTATBgoJkiaJk/IsZAEBDAUxMjM0NTEVMBMGA1UEAwwMTWFuYWdlbWVudENBMSMwIQYDVQQKDBpFSkJDQSBDb250YWluZXIgUXVpY2tzdGFydDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAKVNgchumOQ+9nQu4y+5Fux8TAy/d7ChqP/Rq4jy/63vqIIqYPUns2aF9FG2B+mQrj5T5xil2iw3a8F/6AGmJ6tYeIQO+Rctj+yJt63LsNNRe5AZN20mxUlNES269Dzrj/qzayFzaRUtbaJ06S4EtJe73zJAH2wQZRS7kmUFA+qKtDhwetLgXvLzhe6Jaum3sHblM4zYKo6FM+XEfXLlglzGVAO9fmRM0jQybQ3haZHdNMJJQfUPOiUN/+aaHuACyrskY/upbTXUbcmx2PoE/YpbQ6ie3fSVsBuRCAY2FpaiwB1dWD9156Jy4sgnwK756dXy2bzncsZNHANtRBRem+jFBiN2zCT3cGI1hCpFRRE6rG6cUchTY6idRFImy7bUZzinkgjsPCnT/tUE78oAO5W++ZQp1aZ/CSg8thW6bqBJ0pAOqP9ubZTOQY8xaynggnTvLZXFBZULMZ4kl2mReIuOlNQSNceaJ2PNoaSwd5BKzwggO2OMLun6Zrji8b70dwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKQKZBQ5naXfzuGv28g8UxD9lLwMB0GA1UdDgQWBBTSkCmQUOZ2l387hr9vIPFMQ/ZS8DAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggGBAH+nECgFKdaM/8DbvsBq9IoQrWKE79BPEo+jWlYNuYmVsBPnh/YiebT/OKH1VQUim523FnCjogVncDByvdusloQ6tTpI93Cp+DxKP06ew1oEsWgRVr2nyDGIA9PAHgkgcpHcKHTcYT1iDCHtFr/rYpo2nGFBVQKvCIxXxMKc55WyVjaHLZ3uWBXGxm6Pmd3DGhRtHlrY6VYOaRd6fg9+RQQnjcyMez4yOG5cigACFQaaWGO5kwvYhL7tQ47feudyzo9mWpQvJo+mZ70sRIXENzyZXvFb046taQmDXoDwE5U93kSl5UDlEELZMNjSvY0Agm8B50B63i++ohoaCMhX0fD/xANilAgjBYNcq06FicQ4ZLgR7u76m3HguGDRlNcJe5xiQNfDw6YJZtFiNZls4e7PqHjTa77z2k4pnoDpDv7tr25fTHDXUruQoY/oFKc+sOmtw4gXkTmAFUGsOOC53CbWhiqI1EPNRf20slKeo5HaOQ8dqRUAyw3YZjBeLcYqhg=="; + static final String CR_CORRECT_SERVER_RESPONSE_ENCODED = "MIIQ3DCCAWECAQKkVTBTMRUwEwYKCZImiZPyLGQBAQwFMTIzNDUxFTATBgNVBAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNrc3RhcnSkfTB7MRUwEwYDVQQDDAxuZXctb25hcC5vcmcxDTALBgNVBAsMBE9OQVAxGTAXBgNVBAoMEExpbnV4LUZvdW5kYXRpb24xFjAUBgNVBAcMDVNhbi1GcmFuY2lzY28xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVToBEYDzIwMjEwNzA1MTAyMTA0WqEPMA0GCSqGSIb3DQEBCwUAohYEFM+Pii0Tg0Fz9pJ9on8Xfx3WeJFXpBIEEOl66XIZwkWKMTyK1TxSjfSlEgQQ8qF3GT90eTVtTiE8/rgkoqYSBBDbIJFvoEyxzu6vG2JVR8gcqA4wDDAKBggrBgEFBQcEDaOCCUcwgglDoYIEnzCCBJswggSXMIIC/6ADAgECAhQNEl0HWiFv/9JmJaINeSqiMl4icjANBgkqhkiG9w0BAQsFADBTMRUwEwYKCZImiZPyLGQBAQwFMTIzNDUxFTATBgNVBAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNrc3RhcnQwHhcNMjEwNzA1MTAxODQ3WhcNMzEwNzA1MTAxODQ2WjBTMRUwEwYKCZImiZPyLGQBAQwFMTIzNDUxFTATBgNVBAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNrc3RhcnQwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCkLt554YW0vv0E4DBTSBnd3AK4HECEMilOBttJoArTc+aj8H1ENUXYWgcBJ3CXQfJv8hLkgcv/cAtLlzVPxLYK60HwUL23s8mXTS1uPcX/3IzpX7E7wfBeCNLSbuK42FtMQjxKCrpZvzuxpUpqAauBDyeg5LrGojVJv0Hr40t29WKZTxv01X/dpEyTrus2h7N/K+rhX1/JaNw5+0E2/f/Fk8IxC+M97BmjUha5BQkVK9DTgosC5MB43eaT/YiG6kPKJCssO1sCovtqHZUdQFsjV1MmRZZdseyJ+5b7sS8iuMJhGbXKSLi5KceD7y5juNvUkG7ct/WVxB7yCf33J5rTetS3qfZkxclVcl7A43HToZHA6iLFKou5fPLTmT6ndsNEiRryqw5gArVMtw9BoulC8HIy7f3RDi0h3yIB8p+Sglt3d2JJ2kaHcE5miaB1+pfZKzVLa//eHMcUHbciUBGqdAiGi3RDQ8EGpMQUKWCZMpWdu9sHGpEqpnxcCD45FTMCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTPj4otE4NBc/aSfaJ/F38d1niRVzAdBgNVHQ4EFgQUz4+KLRODQXP2kn2ifxd/HdZ4kVcwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBgQBseB3QdY5thGZ3zC/u7gBsKcQbnC6DAA5hpsYuZM10MzOVsMlIV//jURyodSG6OqFGO4UQWdreYt9YEZx4gIGUSOWAGFMLkV8Cj6TzkATT97gdigkp1OlJ3zzs9ZGk/ij9MLSYUcKYKO6FRMQYF4pkssAdTmxmSsbj9jNNdZnf3pRhh7qBz/CA5Jm4XToetIKap57JWotsdnJA3+p1hNAQteza+PaAbqOEAxQh0PgO770MkLe/qUEpUKHr+DDprvsS77xoKEuPIiIv5hEOR4w2aoQSoJFzWK6CTglLTTcI+evVR+0edTeRwJOyAI4KfZkZgCpo73d1wfPtLI2ipU05uzJ1fhM4fY5IX1OLSYMVP0D8oU4xQjts8/XM2Yen0OuU06uyGjThIG3UeVNOyC+rXlEYM61AClzVUcLguctfgl5ncgSgtSA1B+zQYhie3RcxJtN058K8L2iNDV55IkcAyl6DoAbGcAmetxDKC3Tbn1gRKEt+JJo+BQvBsYUJRZ4wggScMIIEmAIEW1M1iTADAgEAMIIEiaCCBIUwggSBMIIC6aADAgECAhQHgFwoOV7ynMsqorIqNbXM/lGCnTANBgkqhkiG9w0BAQsFADBTMRUwEwYKCZImiZPyLGQBAQwFMTIzNDUxFTATBgNVBAMMDE1hbmFnZW1lbnRDQTEjMCEGA1UECgwaRUpCQ0EgQ29udGFpbmVyIFF1aWNrc3RhcnQwHhcNMjEwNzA1MTAxODQ3WhcNMjMwNzA1MTAxMTAzWjB7MRUwEwYDVQQDDAxuZXctb25hcC5vcmcxDTALBgNVBAsMBE9OQVAxGTAXBgNVBAoMEExpbnV4LUZvdW5kYXRpb24xFjAUBgNVBAcMDVNhbi1GcmFuY2lzY28xEzARBgNVBAgMCkNhbGlmb3JuaWExCzAJBgNVBAYTAlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+2enbtUCb/5askOeN+lOhZ6nGtViBdrJty3Qufud3KAFMlDclY+Hk1V155fOT6X8H4Ra4G+nEPI59ZvgMs/Fn+6SzkcRTGdpW8GO4lY3lrCZAMlAUr8HUseAaMvBs4O9hOUh7t+UFQlIb08AlF98InAhIK97eDZX+UnpHOL93l+kL3yfWX7d8mgnrkD/+fgEuFuTBRIixFRD02ED/P/w9UNHKKsMd736nd0bhY2oYZxS5v14KVulCAYvUJ227cBt9aIZ+N5lb0CDh8l0+HXogI2VoIlaSCej3ErLMf3Ponk6zivZsk9R/QmqYZtG2irxk8KpksqVP8qtH8omr/HfwIDAQABo4GkMIGhMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUz4+KLRODQXP2kn2ifxd/HdZ4kVcwGAYDVR0RBBEwD4INdGVzdC5vbmFwLm9yZzAnBgNVHSUEIDAeBggrBgEFBQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMBMB0GA1UdDgQWBBQ4Dq29q6Jnte9BJ/85Nnb7kVTENjAOBgNVHQ8BAf8EBAMCBeAwDQYJKoZIhvcNAQELBQADggGBAHfgowwiI08FJ92KhG7zA+d6gUdDwslF3tZGg6ZfRYNjoVry1EE9ZcF0uawjfcFXw/zC9v3cha+geheYYJIxkFGGRIQGK+1/csvsm90umNHAtE6+2eec2YMlwEkDE4PGlnjOWmsU1TIQmM+Q6smNz+Mht0kcHPnX3l+W6yxnoW6odP4vnEMcQtpXFSuJ8iAwux3v2UkrEw0YTtqtBuAZ7WjrqFmnqu1++9QZmXlsKtMZhqmqqTkRPIyrTHgZtsNhZP5L2MMnvYFmgtqjCkciPniE8oQtde1W6wCUEC5sxBSYbNWVOB8gKGMgzNwDpL+NervbOkcnR4MT9OK3Podu8JPpNOAHjF9prH8+paKrQrJPM/YV41GnWw2wCuR7pCkz5ocTxqdmzOelEqd+kfv9b4N48HX1W87KDxUqsEOfZeW3taAWjhp+nLWaUEWX7eIfJteMBzCsFGHHiK3HA+q0nPHD2hQJD3gn01LKafinVL+mP51uiDxj2DHyW7DJDJg4UqCCAYUDggGBAF3DAlUKGihKx0Oh45f0Y+rAfTq8PlfTVwZjwxNMEbCTXGWzMlWAQiqoPmJIv4QgucSmcD+2sILe7tNXh1VWIevsSZm/w5Gu/5l4ALwFCCy2I+qzpl3pFpNyeoIgaOBz/pWi4zoP66LXPzxwjjoWHYPSoY+Lq4D8GUfcCOIOFQ5Sncm/1BmWLBDBfSWd4kbkT/tB7LTaHkvywZDBmQYz3FFPnOruW7mL2KRFG+Q6/vQijag5sUMUjHfplleDSTlhDrsma4gVhZsc2tOPFAPzbhrtTS09UDNGGAayGMZXF5CDFqNcqcdO2JL/BgeaVXpgqPMie5UtZ0qeOmQl2L7/SHWXqlp5qHfjjMyJf9qg6+EtWWH98ZkZYqi7wVJRCG4+s8K6HIT9JLQgzgtrwDwSXoo6WS0+5Z2y0/1XOVcSYqJY19ebs+yAPq7hG1yfqg8YOCgRMMqAsMPTOVwXwHTn+fWQ/r+uhkPQGJYVXxrQGnWk/VEXILcbpB/biHUgsvB5H6GCBJ8wggSbMIIElzCCAv+gAwIBAgIUDRJdB1ohb//SZiWiDXkqojJeInIwDQYJKoZIhvcNAQELBQAwUzEVMBMGCgmSJomT8ixkAQEMBTEyMzQ1MRUwEwYDVQQDDAxNYW5hZ2VtZW50Q0ExIzAhBgNVBAoMGkVKQkNBIENvbnRhaW5lciBRdWlja3N0YXJ0MB4XDTIxMDcwNTEwMTg0N1oXDTMxMDcwNTEwMTg0NlowUzEVMBMGCgmSJomT8ixkAQEMBTEyMzQ1MRUwEwYDVQQDDAxNYW5hZ2VtZW50Q0ExIzAhBgNVBAoMGkVKQkNBIENvbnRhaW5lciBRdWlja3N0YXJ0MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEApC7eeeGFtL79BOAwU0gZ3dwCuBxAhDIpTgbbSaAK03Pmo/B9RDVF2FoHASdwl0Hyb/IS5IHL/3ALS5c1T8S2CutB8FC9t7PJl00tbj3F/9yM6V+xO8HwXgjS0m7iuNhbTEI8Sgq6Wb87saVKagGrgQ8noOS6xqI1Sb9B6+NLdvVimU8b9NV/3aRMk67rNoezfyvq4V9fyWjcOftBNv3/xZPCMQvjPewZo1IWuQUJFSvQ04KLAuTAeN3mk/2IhupDyiQrLDtbAqL7ah2VHUBbI1dTJkWWXbHsifuW+7EvIrjCYRm1yki4uSnHg+8uY7jb1JBu3Lf1lcQe8gn99yea03rUt6n2ZMXJVXJewONx06GRwOoixSqLuXzy05k+p3bDRIka8qsOYAK1TLcPQaLpQvByMu390Q4tId8iAfKfkoJbd3diSdpGh3BOZomgdfqX2Ss1S2v/3hzHFB23IlARqnQIhot0Q0PBBqTEFClgmTKVnbvbBxqRKqZ8XAg+ORUzAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUz4+KLRODQXP2kn2ifxd/HdZ4kVcwHQYDVR0OBBYEFM+Pii0Tg0Fz9pJ9on8Xfx3WeJFXMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAYEAbHgd0HWObYRmd8wv7u4AbCnEG5wugwAOYabGLmTNdDMzlbDJSFf/41EcqHUhujqhRjuFEFna3mLfWBGceICBlEjlgBhTC5FfAo+k85AE0/e4HYoJKdTpSd887PWRpP4o/TC0mFHCmCjuhUTEGBeKZLLAHU5sZkrG4/YzTXWZ396UYYe6gc/wgOSZuF06HrSCmqeeyVqLbHZyQN/qdYTQELXs2vj2gG6jhAMUIdD4Du+9DJC3v6lBKVCh6/gw6a77Eu+8aChLjyIiL+YRDkeMNmqEEqCRc1iugk4JS003CPnr1UftHnU3kcCTsgCOCn2ZGYAqaO93dcHz7SyNoqVNObsydX4TOH2OSF9Ti0mDFT9A/KFOMUI7bPP1zNmHp9DrlNOrsho04SBt1HlTTsgvq15RGDOtQApc1VHC4LnLX4JeZ3IEoLUgNQfs0GIYnt0XMSbTdOfCvC9ojQ1eeSJHAMpeg6AGxnAJnrcQygt0259YEShLfiSaPgULwbGFCUWe"; private static final String TEST_CA = "TestCA"; private static final String WRONG_OLD_CERT = "wrong old cert"; diff --git a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java index 7ae42b35..de0a100c 100644 --- a/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java +++ b/certService/src/test/java/org/onap/oom/certservice/cmpv2client/Cmpv2ClientTest.java @@ -169,6 +169,35 @@ class Cmpv2ClientTest { } + @Test + void shouldReturnCorrectCmpCertificateForCorrectCertificationRequest() throws CmpClientException, IOException { + + // given + setCsrModelAndServerTestDefaultValues(); + when(httpClient.execute(any())).thenReturn(httpResponse); + when(httpResponse.getEntity()).thenReturn(httpEntity); + + doAnswer( + invocation -> { + OutputStream os = invocation.getArgument(0); + os.write(BASE64_DECODER.decode(ClientTestData.CR_CORRECT_SERVER_RESPONSE_ENCODED.getBytes())); + return null; + }) + .when(httpEntity) + .writeTo(any(OutputStream.class)); + CmpClientImpl cmpClient = new CmpClientImpl(httpClient); + + // when + Cmpv2CertificationModel cmpClientResult = + cmpClient.certificationRequest(csrModel, server); + + // then + assertNotNull(cmpClientResult); + assertThat(cmpClientResult.getCertificateChain()).isNotEmpty(); + assertThat(cmpClientResult.getCertificateChain()).isNotEmpty(); + + } + @Test void shouldThrowCmpClientExceptionWhenCannotParseOldPrivateKey() { setCsrModelAndServerTestDefaultValues(); -- 2.16.6